Http-01 fails with connection error?

I am not sure if this is the right place to ask; however, I'll try. Feel free to delete this post if I posted in the wrong place. I set up a gitea server and can't get a Let's Encrypt certificate, but I am not sure if this might be a network/connection problem or a misconfiguration of gitea. I think gitea utilizes a certbot in its boot process in order to get a Let's Encrypt certificate. However, this fails (see log below).

The http-01 challenge failed but the host is reachable via http on port 80 from external? Is there a way to debug this issue?

My domain is:

I ran this command:
GITEA_WORK_DIR=/mnt/data/gitea/ /usr/local/bin/gitea web -c /etc/gitea/app.ini

It produced this output:

1.6766548312522943e+09  info    maintenance     started background certificate maintenance      {"cache": "0xc000147570"}
1.6766548312532663e+09  info    obtain  acquiring lock  {"identifier": ""}
1.676654831260435e+09   info    obtain  lock acquired   {"identifier": ""}
1.6766548312608883e+09  info    obtain  obtaining certificate   {"identifier": ""}
1.6766548312946668e+09  info    waiting on internal rate limiter        {"identifiers": [""], "ca": "", "account": ""}
1.6766548312947736e+09  info    done waiting on internal rate limiter   {"identifiers": [""], "ca": "", "account": ""}
1.6766548323967907e+09  info    acme_client     trying to solve challenge       {"identifier": "", "challenge_type": "http-01", "ca": ""}
1.6766548329715614e+09  error   acme_client     challenge failed        {"identifier": "", "challenge_type": "http-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": " Fetching Connection refused", "instance": "", "subproblems": []}}
1.6766548329718156e+09  error   acme_client     validating authorization        {"identifier": "", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": " Fetching Connection refused", "instance": "", "subproblems": []}, "order": "", "attempt": 1, "max_attempts": 3}
1.6766548343264039e+09  info    acme_client     trying to solve challenge       {"identifier": "", "challenge_type": "tls-alpn-01", "ca": ""}
1.6766548353137372e+09  error   acme_client     challenge failed        {"identifier": "", "challenge_type": "tls-alpn-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": " Connection refused", "instance": "", "subproblems": []}}
1.6766548353140833e+09  error   acme_client     validating authorization        {"identifier": "", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": " Connection refused", "instance": "", "subproblems": []}, "order": "", "attempt": 2, "max_attempts": 3}
1.6766548353144171e+09  error   obtain  could not get certificate from issuer   {"identifier": "", "issuer": "", "error": "HTTP 400 urn:ietf:params:acme:error:connection - Connection refused"}
1.676654835314611e+09   info    obtain  releasing lock  {"identifier": ""}

My web server is (include version):
gitea 1.18.3 (

The operating system my web server runs on is (include version):
Debian 11

My hosting provider, if applicable, is:
Self hosted

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): None

Hello @stubenhocker, welcome to the Let's Encrypt community. :slightly_smiling_face:

Have you tried Let's Debug?

Also here is a list of issued certificates |, the latest being 2023-02-15 for

Thanks @Bruce5051
I didn't know that such a tool exists. However, it says that at least the http-01 challenge should be possible since the connection to the webserver can be made.

That's odd, according to my logs I never got a certificate. It seems like the gitea software I use does silly things... :confused:


Hi @stubenhocker,

You might want to look to forums for gitea


Well, currently it says something else entirely:


ERROR has an A (IPv4) record ( but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.

Get "": dial tcp connect: connection refused

@0ms: Making a request to (using initial IP
@0ms: Dialing
@101ms: Experienced error: dial tcp connect: connection refused



A test authorization for to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued. Fetching Connection refused

From my location I see the same: connection refused.

Is the IP address correct?


@Osiris Yeah, I gave up with the certbot integration of gitea and used an nginx reverse proxy instead.
Everything works fine for now. :wink: Thanks anyone!


How do you mean 'certbot integration'? I'm not aware Gitea uses Certbot internally. According to the Gitea source, it uses the certmagic from Caddy (gitea/web_acme.go at e7ef94e00f1319e5fb876f47fee28728bd671f07 · go-gitea/gitea · GitHub).
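
Added example, not part of the thread and not Gitea or certmagic code: a small Go triage helper for the kind of acme_client log shown in the first post. It pulls out each failed challenge and names the port the CA has to reach for that challenge type (80 for http-01, 443 for tls-alpn-01). The sample lines, the host `git.example.test`, the `TOKEN` placeholder and the names `FailedChallenges` and `Failure` are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample in the log format shown above; host and token are placeholders.
const sampleLog = `1.0e+09  info    acme_client     trying to solve challenge       {"identifier": "git.example.test", "challenge_type": "http-01", "ca": ""}
1.0e+09  error   acme_client     challenge failed        {"identifier": "git.example.test", "challenge_type": "http-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "detail": " Fetching http://git.example.test/.well-known/acme-challenge/TOKEN: Connection refused"}}
1.0e+09  error   acme_client     validating authorization        {"identifier": "git.example.test", "problem": {"type": "urn:ietf:params:acme:error:connection", "detail": "Connection refused"}, "attempt": 1}
1.0e+09  error   acme_client     challenge failed        {"identifier": "git.example.test", "challenge_type": "tls-alpn-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "detail": " Connection refused"}}`

// Port the CA connects to per challenge type (RFC 8555 section 8.3, RFC 8737).
var validationPort = map[string]int{"http-01": 80, "tls-alpn-01": 443}

type Failure struct {
	Challenge, ErrType, Detail string
	Port                       int
}

// FailedChallenges returns one Failure per line whose JSON has a challenge_type and a problem.
func FailedChallenges(log string) []Failure {
	var out []Failure
	for _, line := range strings.Split(log, "\n") {
		var e struct {
			ChallengeType string `json:"challenge_type"`
			Problem       *struct{ Type, Detail string }
		}
		i := strings.Index(line, "{") // structured fields start at the first brace
		if i < 0 || json.Unmarshal([]byte(line[i:]), &e) != nil || e.Problem == nil || e.ChallengeType == "" {
			continue
		}
		out = append(out, Failure{
			Challenge: e.ChallengeType,
			ErrType:   strings.TrimPrefix(e.Problem.Type, "urn:ietf:params:acme:error:"),
			Detail:    strings.TrimSpace(e.Problem.Detail),
			Port:      validationPort[e.ChallengeType],
		})
	}
	return out
}

func main() {
	for _, f := range FailedChallenges(sampleLog) {
		fmt.Printf("%s failed (%s): CA could not reach port %d: %s\n", f.Challenge, f.ErrType, f.Port, f.Detail)
	}
}
```

A `connection` error on both challenge types, as in the log above, means the CA was refused on port 80 and on port 443, so the listener bindings and any port forwarding are the first things to check.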

